def _create_iip(self, pod_name, pod_namespace, vn_obj, vmi):
# Instance-ip for pods are ALWAYS allocated from pod ipam on this
# VN. Get the subnet uuid of the pod ipam on this VN, so we can request
# an IP from it.
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_obj.get_uuid())
if not vn:
# It is possible our cache may not have the VN yet. Locate it.
vn = VirtualNetworkKM.locate(vn_obj.get_uuid())
pod_ipam_subnet_uuid = vn.get_ipam_subnet_uuid(
vnc_kube_config.pod_ipam_fq_name())
# Create instance-ip.
display_name = VncCommon.make_display_name(pod_namespace, pod_name)
iip_uuid = str(uuid.uuid1())
iip_name = VncCommon.make_name(pod_name, iip_uuid)
iip_obj = InstanceIp(name=iip_name,
subnet_uuid=pod_ipam_subnet_uuid,
display_name=display_name)
iip_obj.uuid = iip_uuid
iip_obj.add_virtual_network(vn_obj)
# Creation of iip requires the vmi vnc object.
vmi_obj = self._vnc_lib.virtual_machine_interface_read(
fq_name=vmi.fq_name)
iip_obj.add_virtual_machine_interface(vmi_obj)
InstanceIpKM.add_annotations(self, iip_obj, pod_namespace, pod_name)
try:
self._vnc_lib.instance_ip_create(iip_obj)
except RefsExistError:
self._vnc_lib.instance_ip_update(iip_obj)
InstanceIpKM.locate(iip_obj.uuid)
return iip_obj
def _delete_virtual_network(self, ns_name, vn_name):
"""
Delete the virtual network associated with this namespace.
"""
# First lookup the cache for the entry.
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_name)
if not vn:
return
proj_fq_name = vnc_kube_config.cluster_project_fq_name(ns_name)
try:
vn_obj = self._vnc_lib.virtual_network_read(fq_name=vn.fq_name)
# Delete/cleanup ipams allocated for this network.
ipam_refs = vn_obj.get_network_ipam_refs()
if ipam_refs:
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
for ipam in ipam_refs:
ipam_obj = NetworkIpam(name=ipam['to'][-1],
parent_obj=proj_obj)
vn_obj.del_network_ipam(ipam_obj)
self._vnc_lib.virtual_network_update(vn_obj)
except NoIdError:
pass
# Delete the network.
self._vnc_lib.virtual_network_delete(id=vn.uuid)
# Delete the network from cache.
VirtualNetworkKM.delete(vn.uuid)
def test_pod_add_scaling(self):
scale = 100
self._create_namespace(self.ns_name, None)
proj_fq_name = ['default-domain', self.cluster_project]
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
vn_obj_uuid = self._create_virtual_network(proj_obj, self.vn_name).uuid
self._assert_virtual_network(vn_obj_uuid)
pods = []
for i in xrange(scale):
testpod = self._create_update_pod(self.pod_name + str(i),
self.ns_name, self.pod_status,
None, 'ADDED')
self.wait_for_all_tasks_done()
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj_uuid)
pods.append(testpod)
vn_obj = VirtualNetworkKM.locate(vn_obj_uuid)
self.assertTrue(len(vn_obj.instance_ips) == scale)
for i, pod in enumerate(pods):
self._delete_pod(pod)
self.wait_for_all_tasks_done()
vn_obj = VirtualNetworkKM.locate(vn_obj_uuid)
self.assertTrue(len(vn_obj.instance_ips) == scale - 1 - i)
def test_pod_add_scaling(self):
scale = 100
self._create_namespace(self.ns_name, None)
proj_fq_name = ['default-domain', self.cluster_project]
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
vn_obj_uuid = self._create_virtual_network(proj_obj, self.vn_name).uuid
self._assert_virtual_network(vn_obj_uuid)
pods = []
for i in xrange(scale):
testpod = self._create_update_pod(self.pod_name + str(i),
self.ns_name,
self.pod_status,
None, 'ADDED')
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj_uuid)
pods.append(testpod)
vn_obj = VirtualNetworkKM.locate(vn_obj_uuid)
self.assertTrue(len(vn_obj.instance_ips) == scale)
for i, pod in enumerate(pods):
self._delete_pod(pod)
vn_obj = VirtualNetworkKM.locate(vn_obj_uuid)
self.assertTrue(len(vn_obj.instance_ips) == scale - 1 - i)
def _delete_isolated_ns_virtual_network(self, ns_name, vn_name,
proj_fq_name):
"""
Delete the virtual network associated with this namespace.
"""
# First lookup the cache for the entry.
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_name)
if not vn:
return
try:
vn_obj = self._vnc_lib.virtual_network_read(fq_name=vn.fq_name)
# Delete/cleanup ipams allocated for this network.
ipam_refs = vn_obj.get_network_ipam_refs()
if ipam_refs:
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
for ipam in ipam_refs:
ipam_obj = NetworkIpam(
name=ipam['to'][-1], parent_obj=proj_obj)
vn_obj.del_network_ipam(ipam_obj)
self._vnc_lib.virtual_network_update(vn_obj)
except NoIdError:
pass
# Delete the network.
self._vnc_lib.virtual_network_delete(id=vn.uuid)
# Delete the network from cache.
VirtualNetworkKM.delete(vn.uuid)
def _create_iip(self, pod_name, pod_namespace, vn_obj, vmi):
# Instance-ip for pods are ALWAYS allocated from pod ipam on this
# VN. Get the subnet uuid of the pod ipam on this VN, so we can request
# an IP from it.
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_obj.get_uuid())
if not vn:
# It is possible our cache may not have the VN yet. Locate it.
vn = VirtualNetworkKM.locate(vn_obj.get_uuid())
pod_ipam_subnet_uuid = vn.get_ipam_subnet_uuid(
vnc_kube_config.pod_ipam_fq_name())
# Create instance-ip.
display_name = VncCommon.make_display_name(pod_namespace, pod_name)
iip_uuid = str(uuid.uuid1())
iip_name = VncCommon.make_name(pod_name, iip_uuid)
iip_obj = InstanceIp(name=iip_name, subnet_uuid=pod_ipam_subnet_uuid,
display_name=display_name)
iip_obj.uuid = iip_uuid
iip_obj.add_virtual_network(vn_obj)
# Creation of iip requires the vmi vnc object.
vmi_obj = self._vnc_lib.virtual_machine_interface_read(
fq_name=vmi.fq_name)
iip_obj.add_virtual_machine_interface(vmi_obj)
InstanceIpKM.add_annotations(self, iip_obj, pod_namespace, pod_name)
try:
self._vnc_lib.instance_ip_create(iip_obj)
except RefsExistError:
self._vnc_lib.instance_ip_update(iip_obj)
InstanceIpKM.locate(iip_obj.uuid)
return iip_obj
def _delete_virtual_network(self, ns_name, vn_name):
"""
Delete the virtual network associated with this namespace.
"""
# First lookup the cache for the entry.
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_name)
if not vn:
return
proj_fq_name = vnc_kube_config.cluster_project_fq_name(ns_name)
try:
vn_obj = self._vnc_lib.virtual_network_read(fq_name=vn.fq_name)
# Delete/cleanup ipams allocated for this network.
ipam_refs = vn_obj.get_network_ipam_refs()
if ipam_refs:
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
for ipam in ipam_refs:
ipam_obj = NetworkIpam(
name=ipam['to'][-1], parent_obj=proj_obj)
vn_obj.del_network_ipam(ipam_obj)
self._vnc_lib.virtual_network_update(vn_obj)
except RefsExistError as e:
# Delete of custom network when it is still in use is not
# supported yet. Log deletion attempt and return without deleting VN
self._logger.error("%s: Cannot delete Network %s . %s"
%(self._name, vn_name, str(e)))
return
except NoIdError:
pass
# Delete the network.
self._vnc_lib.virtual_network_delete(id=vn.uuid)
# Delete the network from cache.
VirtualNetworkKM.delete(vn.uuid)
def _create_virtual_network(self, vn_name, proj_obj, ipam_obj, \
ipam_update, provider=None, subnets=None, \
type='flat-subnet-only'):
vn_exists = False
vn = VirtualNetwork(name=vn_name,
parent_obj=proj_obj,
address_allocation_mode=type)
try:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_exists = True
except NoIdError:
# VN does not exist. Create one.
vn_obj = vn
if vn_exists:
return vn_obj
# Attach IPAM to virtual network.
#
# For flat-subnets, the subnets are specified on the IPAM and
# not on the virtual-network to IPAM link. So pass an empty
# list of VnSubnetsType.
# For user-defined-subnets, use the provided subnets
if ipam_update or \
not self._is_ipam_exists(vn_obj, ipam_obj.get_fq_name()):
if subnets and type == 'user-defined-subnet-only':
vn_obj.add_network_ipam(ipam_obj, subnets)
else:
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([]))
vn_obj.set_virtual_network_properties(
VirtualNetworkType(forwarding_mode='l3'))
fabric_snat = False
if self.ip_fabric_snat:
fabric_snat = True
if not vn_exists:
if self.ip_fabric_forwarding:
if provider:
#enable ip_fabric_forwarding
vn_obj.add_virtual_network(provider)
elif fabric_snat:
#enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
#disable fabric_snat
vn_obj.set_fabric_snat(False)
# Create VN.
self._vnc_lib.virtual_network_create(vn_obj)
else:
# TODO: Handle Network update
pass
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn_obj.get_fq_name())
VirtualNetworkKM.locate(vn_obj.uuid)
return vn_obj
def _delete_virtual_network(self, ns_name, vn_name):
"""
Delete the virtual network associated with this namespace.
"""
# First lookup the cache for the entry.
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_name)
if not vn:
return
proj_fq_name = vnc_kube_config.cluster_project_fq_name(ns_name)
try:
vn_obj = self._vnc_lib.virtual_network_read(fq_name=vn.fq_name)
# Delete/cleanup ipams allocated for this network.
ipam_refs = vn_obj.get_network_ipam_refs()
if ipam_refs:
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
for ipam in ipam_refs:
ipam_obj = NetworkIpam(
name=ipam['to'][-1], parent_obj=proj_obj)
vn_obj.del_network_ipam(ipam_obj)
self._vnc_lib.virtual_network_update(vn_obj)
except RefsExistError as e:
# Delete of custom network when it is still in use is not
# supported yet. Log deletion attempt and return without deleting VN
self._logger.error("%s: Cannot delete Network %s . %s"
% (self._name, vn_name, str(e)))
return
except NoIdError:
pass
# Delete the network.
self._vnc_lib.virtual_network_delete(id=vn.uuid)
# Delete the network from cache.
VirtualNetworkKM.delete(vn.uuid)
def _create_virtual_network(self, vn_name, proj_obj, ipam_obj, \
ipam_update, provider=None, subnets=None, \
type='flat-subnet-only'):
vn_exists = False
vn = VirtualNetwork(name=vn_name, parent_obj=proj_obj,
address_allocation_mode=type)
try:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_exists = True
except NoIdError:
# VN does not exist. Create one.
vn_obj = vn
if vn_exists:
return vn_obj
# Attach IPAM to virtual network.
#
# For flat-subnets, the subnets are specified on the IPAM and
# not on the virtual-network to IPAM link. So pass an empty
# list of VnSubnetsType.
# For user-defined-subnets, use the provided subnets
if ipam_update or \
not self._is_ipam_exists(vn_obj, ipam_obj.get_fq_name()):
if subnets and type == 'user-defined-subnet-only':
vn_obj.add_network_ipam(ipam_obj, subnets)
else:
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([]))
vn_obj.set_virtual_network_properties(
VirtualNetworkType(forwarding_mode='l3'))
fabric_snat = False
if self.ip_fabric_snat:
fabric_snat = True
if not vn_exists:
if self.ip_fabric_forwarding:
if provider:
#enable ip_fabric_forwarding
vn_obj.add_virtual_network(provider)
elif fabric_snat:
#enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
#disable fabric_snat
vn_obj.set_fabric_snat(False)
# Create VN.
self._vnc_lib.virtual_network_create(vn_obj)
else:
# TODO: Handle Network update
pass
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn_obj.get_fq_name())
VirtualNetworkKM.locate(vn_obj.uuid)
return vn_obj
def _create_network(self,
vn_name,
vn_type,
proj_obj,
ipam_obj,
ipam_update,
provider=None):
# Check if the VN already exists.
# If yes, update existing VN object with k8s config.
vn_exists = False
vn = VirtualNetwork(name=vn_name,
parent_obj=proj_obj,
address_allocation_mode='flat-subnet-only')
try:
vn_obj = self.vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_exists = True
except NoIdError:
# VN does not exist. Create one.
vn_obj = vn
# Attach IPAM to virtual network.
#
# For flat-subnets, the subnets are specified on the IPAM and
# not on the virtual-network to IPAM link. So pass an empty
# list of VnSubnetsType.
if ipam_update or \
not self._is_ipam_exists(vn_obj, ipam_obj.get_fq_name()):
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([]))
vn_obj.set_virtual_network_properties(
VirtualNetworkType(forwarding_mode='l3'))
fabric_snat = False
if vn_type == 'pod-network':
fabric_snat = True
if not vn_exists:
if self.args.ip_fabric_forwarding:
if provider:
# enable ip_fabric_forwarding
vn_obj.add_virtual_network(provider)
elif fabric_snat and self.args.ip_fabric_snat:
# enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
# disable fabric_snat
vn_obj.set_fabric_snat(False)
# Create VN.
self.vnc_lib.virtual_network_create(vn_obj)
else:
self.vnc_lib.virtual_network_update(vn_obj)
vn_obj = self.vnc_lib.virtual_network_read(
fq_name=vn_obj.get_fq_name())
VirtualNetworkKM.locate(vn_obj.uuid)
return vn_obj
def _create_iip(self, pod_name, pod_namespace, proj_uuid, vn_obj, vmi,
vmi_ip):
# Instance-ip for pods are ALWAYS allocated from pod ipam on this
# VN. Get the subnet uuid of the pod ipam on this VN, so we can request
# an IP from it.
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_obj.get_uuid())
if not vn:
# It is possible our cache may not have the VN yet. Locate it.
vn = VirtualNetworkKM.locate(vn_obj.get_uuid())
if self._is_pod_network_isolated(pod_namespace):
vn_namespace = pod_namespace
else:
vn_namespace = 'default'
if self._is_ip_fabric_forwarding_enabled(vn_namespace):
ipam_fq_name = vnc_kube_config.ip_fabric_ipam_fq_name()
else:
ipam_fq_name = vnc_kube_config.pod_ipam_fq_name()
pod_ipam_subnet_uuid = vn.get_ipam_subnet_uuid(ipam_fq_name)
# Create instance-ip.
iip_uuid = str(uuid.uuid1())
iip_name = VncCommon.make_name(pod_name, iip_uuid)
perms2 = PermType2()
perms2.owner = proj_uuid
perms2.owner_access = cfgm_common.PERMS_RWX
iip_obj = InstanceIp(name=iip_name,
instance_ip_address=vmi_ip,
subnet_uuid=pod_ipam_subnet_uuid,
display_name=iip_name,
perms2=perms2)
iip_obj.uuid = iip_uuid
iip_obj.add_virtual_network(vn_obj)
# Creation of iip requires the vmi vnc object.
vmi_obj = self._vnc_lib.virtual_machine_interface_read(
fq_name=vmi.fq_name)
iip_obj.add_virtual_machine_interface(vmi_obj)
InstanceIpKM.add_annotations(self, iip_obj, pod_namespace, pod_name)
self._logger.debug("%s: Create IIP from ipam_fq_name [%s]"
" pod_ipam_subnet_uuid [%s]"
" vn [%s] vmi_fq_name [%s]" %
(self._name, ipam_fq_name, pod_ipam_subnet_uuid,
vn.name, vmi.fq_name))
try:
self._vnc_lib.instance_ip_create(iip_obj)
except RefsExistError:
self._vnc_lib.instance_ip_update(iip_obj)
InstanceIpKM.locate(iip_obj.uuid)
return iip_obj
def _create_isolated_ns_virtual_network(self, ns_name, vn_name,
proj_obj, ipam_obj=None, provider=None):
"""
Create a virtual network for this namespace.
"""
vn = VirtualNetwork(
name=vn_name, parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
# Add annotatins on this isolated virtual-network.
VirtualNetworkKM.add_annotations(self, vn, namespace=ns_name,
name=ns_name, isolated='True')
try:
vn_uuid = self._vnc_lib.virtual_network_create(vn)
except RefsExistError:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_uuid = vn_obj.uuid
vn = vn_obj
# Instance-Ip for pods on this VN, should be allocated from
# cluster pod ipam. Attach the cluster pod-ipam object
# to this virtual network.
vn.add_network_ipam(ipam_obj, VnSubnetsType([]))
# enable ip-fabric-forwarding
if provider:
ip_fabric_forwarding = self._get_ip_fabric_forwarding(ns_name)
if ip_fabric_forwarding == True:
add_provider = True
elif ip_fabric_forwarding == False:
add_provider = False
else:
add_provider = self._args.ip_fabric_forwarding
if add_provider:
vn.add_virtual_network(provider)
else:
vn_refs = vn.get_virtual_network_refs()
for vn_ref in vn_refs or []:
vn_ref_obj = self._vnc_lib.virtual_network_read(id=vn_ref['uuid'])
vn.del_virtual_network(vn_ref_obj)
# Update VN.
self._vnc_lib.virtual_network_update(vn)
# Cache the virtual network.
VirtualNetworkKM.locate(vn_uuid)
return vn
def _delete_isolated_ns_virtual_network(self, ns_name, vn_name,
proj_fq_name):
"""
Delete the virtual network associated with this namespace.
"""
# First lookup the cache for the entry.
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_name)
if not vn:
return
try:
vn_obj = self._vnc_lib.virtual_network_read(fq_name=vn.fq_name)
# Delete/cleanup network policy allocated for this network.
network_policy_refs = vn_obj.get_network_policy_refs()
if network_policy_refs:
for network_policy_ref in network_policy_refs:
if network_policy_ref['uuid'] ==\
self._cluster_service_policy.uuid:
continue
if network_policy_ref['uuid'] ==\
self._ip_fabric_policy.uuid:
continue
try:
self._vnc_lib. \
network_policy_delete(id=network_policy_ref['uuid'])
except NoIdError:
# It is possible NP got cleaned up as part of one other
# virtual network.
pass
# Delete/cleanup ipams allocated for this network.
ipam_refs = vn_obj.get_network_ipam_refs()
if ipam_refs:
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
for ipam in ipam_refs:
ipam_obj = NetworkIpam(
name=ipam['to'][-1], parent_obj=proj_obj)
vn_obj.del_network_ipam(ipam_obj)
self._vnc_lib.virtual_network_update(vn_obj)
except NoIdError:
pass
# Delete the network.
self._vnc_lib.virtual_network_delete(id=vn.uuid)
# Delete the network from cache.
VirtualNetworkKM.delete(vn.uuid)
def test_delete_add_pod_after_kube_manager_is_killed(self):
self._create_namespace(self.ns_name, None)
proj_fq_name = ['default-domain', self.cluster_project]
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
vn_obj = self._create_virtual_network(proj_obj, self.vn_name)
testpod = self._create_update_pod(self.pod_name,
self.ns_name,
self.pod_status,
None, 'ADDED')
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj.uuid)
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj.uuid)
self.kill_kube_manager()
self._delete_pod(testpod)
testpod = self._create_update_pod(self.pod_name,
self.ns_name,
self.pod_status,
None, 'ADDED')
self.spawn_kube_manager()
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj.uuid)
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj.uuid)
self._delete_pod(testpod)
self.wait_for_all_tasks_done()
vn_obj = VirtualNetworkKM.locate(vn_obj.uuid)
self._assert_virtual_network(vn_obj.uuid)
tmp_fq_name = ['default-domain', self.cluster_project, self.pod_name]
self.assertRaises(
NoIdError,
self._vnc_lib.virtual_machine_read,
fq_name=tmp_fq_name
)
vn_obj = VirtualNetworkKM.locate(vn_obj.uuid)
self.assertTrue(len(vn_obj.instance_ips) == 0)
def test_delete_add_pod_after_kube_manager_is_killed(self):
self._create_namespace(self.ns_name, None)
proj_fq_name = ['default-domain', self.cluster_project]
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
vn_obj = self._create_virtual_network(proj_obj, self.vn_name)
testpod = self._create_update_pod(self.pod_name,
self.ns_name,
self.pod_status,
None, 'ADDED')
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj.uuid)
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj.uuid)
self.kill_kube_manager()
self._delete_pod(testpod)
testpod = self._create_update_pod(self.pod_name,
self.ns_name,
self.pod_status,
None, 'ADDED')
self.spawn_kube_manager()
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj.uuid)
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj.uuid)
self._delete_pod(testpod)
self.wait_for_all_tasks_done()
vn_obj = VirtualNetworkKM.locate(vn_obj.uuid)
self._assert_virtual_network(vn_obj.uuid)
tmp_fq_name = ['default-domain', self.cluster_project, self.pod_name]
self.assertRaises(
NoIdError,
self._vnc_lib.virtual_machine_read,
fq_name=tmp_fq_name
)
vn_obj = VirtualNetworkKM.locate(vn_obj.uuid)
self.assertTrue(len(vn_obj.instance_ips) == 0)
def test_pod_add_delete_with_namespace_isolation_true(self):
proj_obj = self.create_project(self.cluster_project)
self._create_network_ipam('pod-ipam', 'flat-subnet', '10.32.0.0/12',
proj_obj)
self._create_namespace(self.ns_name, None, True)
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=['default-domain', self.cluster_project, self.vn_name])
testpod = self._create_update_pod(self.pod_name, self.ns_name,
self.pod_status, None, 'ADDED')
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj.uuid)
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj.uuid)
self._delete_pod(testpod)
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj.uuid)
tmp_fq_name = ['default-domain', self.ns_name, self.pod_name]
self.assertRaises(NoIdError,
self._vnc_lib.virtual_machine_read,
fq_name=tmp_fq_name)
vn_obj = VirtualNetworkKM.locate(vn_obj.uuid)
self.assertTrue(len(vn_obj.instance_ips) == 0)
def test_pod_add_delete_with_pod_custom_network_annotation(self):
proj_obj = self.create_project(self.cluster_project)
vn_obj = self._create_virtual_network(proj_obj, self.vn_name)
self._create_namespace(self.ns_name, None)
proj_fq_name = ['default-domain', self.cluster_project]
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
testpod = self._create_update_pod(self.pod_name, self.ns_name,
self.pod_status, self.eval_vn_dict,
'ADDED')
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj.uuid)
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj.uuid)
self._delete_pod(testpod)
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj.uuid)
tmp_fq_name = ['default-domain', self.ns_name, self.pod_name]
self.assertRaises(NoIdError,
self._vnc_lib.virtual_machine_read,
fq_name=tmp_fq_name)
vn_obj = VirtualNetworkKM.locate(vn_obj.uuid)
self.assertTrue(len(vn_obj.instance_ips) == 0)
def test_pod_add_delete_with_pod_custom_network_annotation(self):
proj_obj = self.create_project(self.cluster_project)
vn_obj = self._create_virtual_network(proj_obj, self.vn_name)
self._create_namespace(self.ns_name, None)
proj_fq_name = ['default-domain', self.cluster_project]
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
testpod = self._create_update_pod(self.pod_name,
self.ns_name,
self.pod_status,
self.eval_vn_dict, 'ADDED')
self._assert_virtual_network(vn_obj.uuid)
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj.uuid)
self._delete_pod(testpod)
self._assert_virtual_network(vn_obj.uuid)
tmp_fq_name = ['default-domain', self.ns_name, self.pod_name]
self.assertRaises(
NoIdError,
self._vnc_lib.virtual_machine_read,
fq_name=tmp_fq_name
)
vn_obj = VirtualNetworkKM.locate(vn_obj.uuid)
self.assertTrue(len(vn_obj.instance_ips) == 0)
def test_pod_add_delete(self):
self._create_namespace(self.ns_name, None)
proj_fq_name = ['default-domain', self.cluster_project]
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
vn_obj_uuid = self._create_virtual_network(proj_obj, self.vn_name).uuid
pod_uuid, pod_meta, pod_spec = self._create_pod(
self.pod_name, self.ns_name, self.pod_status, None)
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj_uuid)
self._assert_virtual_machine(pod_uuid, self.cluster_project, proj_obj,
vn_obj_uuid)
self._delete_pod(pod_uuid, pod_spec, pod_meta)
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj_uuid)
tmp_fq_name = ['default-domain', self.cluster_project, self.pod_name]
self.assertRaises(NoIdError,
self._vnc_lib.virtual_machine_read,
fq_name=tmp_fq_name)
vn_obj = VirtualNetworkKM.locate(vn_obj_uuid)
self.assertTrue(len(vn_obj.instance_ips) == 0)
def _add_update_pod(self, action):
ns_name = self.ns_name + '_' + str(uuid.uuid4())
self._create_namespace(ns_name, None)
proj_fq_name = ['default-domain', self.cluster_project]
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
vn_obj_uuid = self._create_virtual_network(proj_obj, self.vn_name).uuid
testpod = self._create_update_pod(self.pod_name,
ns_name,
self.pod_status,
None, action)
self._assert_virtual_network(vn_obj_uuid)
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj_uuid)
self._delete_pod(testpod)
self._assert_virtual_network(vn_obj_uuid)
tmp_fq_name = ['default-domain', self.cluster_project, self.pod_name]
self.assertRaises(
NoIdError,
self._vnc_lib.virtual_machine_read,
fq_name=tmp_fq_name
)
vn_obj = VirtualNetworkKM.locate(vn_obj_uuid)
self.assertTrue(len(vn_obj.instance_ips) == 0)
def test_pod_add_delete_with_namespace_isolation_true(self):
proj_obj = self.create_project(self.cluster_project)
self._create_network_ipam('pod-ipam', 'flat-subnet', '10.32.0.0/12',
proj_obj)
self._create_namespace(self.ns_name, None, True)
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=['default-domain', self.cluster_project, self.vn_name])
testpod = self._create_update_pod(self.pod_name,
self.ns_name,
self.pod_status,
None, 'ADDED')
self._assert_virtual_network(vn_obj.uuid)
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj.uuid)
self._delete_pod(testpod)
self._assert_virtual_network(vn_obj.uuid)
tmp_fq_name = ['default-domain', self.ns_name, self.pod_name]
self.assertRaises(
NoIdError,
self._vnc_lib.virtual_machine_read,
fq_name=tmp_fq_name
)
vn_obj = VirtualNetworkKM.locate(vn_obj.uuid)
self.assertTrue(len(vn_obj.instance_ips) == 0)
def _add_update_pod(self, action):
ns_name = self.ns_name + '_' + str(uuid.uuid4)
self._create_namespace(ns_name, None)
proj_fq_name = ['default-domain', self.cluster_project]
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
vn_obj_uuid = self._create_virtual_network(proj_obj, self.vn_name).uuid
testpod = self._create_update_pod(self.pod_name, ns_name,
self.pod_status, None, action)
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj_uuid)
self._assert_virtual_machine(testpod.uuid, self.cluster_project,
proj_obj, vn_obj_uuid)
self._delete_pod(testpod)
self.wait_for_all_tasks_done()
self._assert_virtual_network(vn_obj_uuid)
tmp_fq_name = ['default-domain', self.cluster_project, self.pod_name]
self.assertRaises(NoIdError,
self._vnc_lib.virtual_machine_read,
fq_name=tmp_fq_name)
vn_obj = VirtualNetworkKM.locate(vn_obj_uuid)
self.assertTrue(len(vn_obj.instance_ips) == 0)
def _create_isolated_ns_virtual_network(self, ns_name, vn_name, proj_obj):
"""
Create a virtual network for this namespace.
"""
vn = VirtualNetwork(name=vn_name,
parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(
forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
# Add annotatins on this isolated virtual-network.
VirtualNetworkKM.add_annotations(self,
vn,
namespace=ns_name,
name=ns_name,
isolated='True')
try:
vn_uuid = self._vnc_lib.virtual_network_create(vn)
except RefsExistError:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_uuid = vn_obj.uuid
# Instance-Ip for pods on this VN, should be allocated from
# cluster pod ipam. Attach the cluster pod-ipam object
# to this virtual network.
ipam_fq_name = vnc_kube_config.pod_ipam_fq_name()
ipam_obj = self._vnc_lib.network_ipam_read(fq_name=ipam_fq_name)
vn.add_network_ipam(ipam_obj, VnSubnetsType([]))
# Update VN.
self._vnc_lib.virtual_network_update(vn)
try:
ip_fabric_vn_obj = self._vnc_lib. \
virtual_network_read(fq_name=self._ip_fabric_fq_name)
self._create_attach_policy(proj_obj, ip_fabric_vn_obj, vn)
except NoIdError:
pass
# Cache the virtual network.
VirtualNetworkKM.locate(vn_uuid)
# Cache network info in namespace entry.
self._set_namespace_virtual_network(ns_name, vn.get_fq_name())
return vn_uuid
def _create_iip(self, pod_name, pod_namespace, vn_obj, vmi):
# Instance-ip for pods are ALWAYS allocated from pod ipam on this
# VN. Get the subnet uuid of the pod ipam on this VN, so we can request
# an IP from it.
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_obj.get_uuid())
if not vn:
# It is possible our cache may not have the VN yet. Locate it.
vn = VirtualNetworkKM.locate(vn_obj.get_uuid())
if self._is_pod_network_isolated(pod_namespace):
vn_namespace = pod_namespace
else:
vn_namespace = 'default'
if self._is_ip_fabric_forwarding_enabled(vn_namespace):
ipam_fq_name = vnc_kube_config.ip_fabric_ipam_fq_name()
else:
ipam_fq_name = vnc_kube_config.pod_ipam_fq_name()
pod_ipam_subnet_uuid = vn.get_ipam_subnet_uuid(ipam_fq_name)
# Create instance-ip.
iip_uuid = str(uuid.uuid1())
iip_name = VncCommon.make_name(pod_name, iip_uuid)
iip_obj = InstanceIp(name=iip_name, subnet_uuid=pod_ipam_subnet_uuid,
display_name=iip_name)
iip_obj.uuid = iip_uuid
iip_obj.add_virtual_network(vn_obj)
# Creation of iip requires the vmi vnc object.
vmi_obj = self._vnc_lib.virtual_machine_interface_read(
fq_name=vmi.fq_name)
iip_obj.add_virtual_machine_interface(vmi_obj)
InstanceIpKM.add_annotations(self, iip_obj, pod_namespace, pod_name)
self._logger.debug("%s: Create IIP from ipam_fq_name [%s]"
" pod_ipam_subnet_uuid [%s]"
" vn [%s] vmi_fq_name [%s]" %\
(self._name, ipam_fq_name, pod_ipam_subnet_uuid,
vn.name, vmi.fq_name))
try:
self._vnc_lib.instance_ip_create(iip_obj)
except RefsExistError:
self._vnc_lib.instance_ip_update(iip_obj)
InstanceIpKM.locate(iip_obj.uuid)
return iip_obj
def _get_service_ipam_subnet_uuid(self, vn_obj):
service_ipam_subnet_uuid = None
fq_name = vnc_kube_config.service_ipam_fq_name()
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_obj.get_uuid())
if vn:
service_ipam_subnet_uuid = vn.get_ipam_subnet_uuid(fq_name)
if service_ipam_subnet_uuid is None:
self.logger.error("%s - %s Not Found" % (self._name, fq_name))
return service_ipam_subnet_uuid
def _is_namespace_isolated(self, ns_name):
"""
Check if this namespace is configured as isolated.
"""
ns = self._get_namespace(ns_name)
if ns:
return ns.is_isolated()
# Kubernetes namespace obj is not available to check isolation config.
#
# Check if the virtual network associated with the namespace is
# annotated as isolated. If yes, then the namespace is isolated.
vn_uuid = VirtualNetworkKM.get_ann_fq_name_to_uuid(self, ns_name,
ns_name)
if vn_uuid:
vn_obj = VirtualNetworkKM.get(vn_uuid)
if vn_obj:
return vn_obj.is_k8s_namespace_isolated()
# By default, namespace is not isolated.
return False
def _is_namespace_isolated(self, ns_name):
"""
Check if this namespace is configured as isolated.
"""
ns = self._get_namespace(ns_name)
if ns:
return ns.is_isolated()
# Kubernetes namespace obj is not available to check isolation config.
#
# Check if the virtual network associated with the namespace is
# annotated as isolated. If yes, then the namespace is isolated.
vn_uuid = VirtualNetworkKM.get_ann_fq_name_to_uuid(
self, ns_name, ns_name)
if vn_uuid:
vn_obj = VirtualNetworkKM.get(vn_uuid)
if vn_obj:
return vn_obj.is_k8s_namespace_isolated()
# By default, namespace is not isolated.
return False
def _create_isolated_ns_virtual_network(self, ns_name, vn_name, proj_obj):
"""
Create a virtual network for this namespace.
"""
vn = VirtualNetwork(
name=vn_name, parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
# Add annotatins on this isolated virtual-network.
VirtualNetworkKM.add_annotations(self, vn, namespace=ns_name,
name=ns_name, isolated='True')
try:
vn_uuid = self._vnc_lib.virtual_network_create(vn)
except RefsExistError:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_uuid = vn_obj.uuid
# Instance-Ip for pods on this VN, should be allocated from
# cluster pod ipam. Attach the cluster pod-ipam object
# to this virtual network.
ipam_fq_name = vnc_kube_config.pod_ipam_fq_name()
ipam_obj = self._vnc_lib.network_ipam_read(
fq_name=ipam_fq_name)
vn.add_network_ipam(ipam_obj, VnSubnetsType([]))
# Update VN.
self._vnc_lib.virtual_network_update(vn)
# Cache the virtual network.
VirtualNetworkKM.locate(vn_uuid)
# Cache network info in namespace entry.
self._set_namespace_virtual_network(ns_name, vn.get_fq_name())
return vn_uuid
def _delete_isolated_ns_virtual_network(self, ns_name, vn_name,
proj_fq_name):
"""
Delete the virtual network associated with this namespace.
"""
# First lookup the cache for the entry.
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_name)
if not vn:
return
try:
vn_obj = self._vnc_lib.virtual_network_read(fq_name=vn.fq_name)
# Delete/cleanup network policy allocated for this network.
network_policy_refs = vn_obj.get_network_policy_refs()
if network_policy_refs:
for network_policy_ref in network_policy_refs:
self._vnc_lib. \
network_policy_delete(id=network_policy_ref['uuid'])
# Delete/cleanup ipams allocated for this network.
ipam_refs = vn_obj.get_network_ipam_refs()
if ipam_refs:
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
for ipam in ipam_refs:
ipam_obj = NetworkIpam(name=ipam['to'][-1],
parent_obj=proj_obj)
vn_obj.del_network_ipam(ipam_obj)
self._vnc_lib.virtual_network_update(vn_obj)
except NoIdError:
pass
# Delete the network.
self._vnc_lib.virtual_network_delete(id=vn.uuid)
# Delete the network from cache.
VirtualNetworkKM.delete(vn.uuid)
# Clear network info from namespace entry.
self._set_namespace_virtual_network(ns_name, None)
def _get_pod_ipam_subnet_uuid(self, ns_name, vn_obj):
pod_ipam_subnet_uuid = None
if self._is_network_isolated(ns_name):
vn_namespace = ns_name
else:
vn_namespace = 'default'
if self._is_ip_fabric_forwarding_enabled(vn_namespace):
ipam_fq_name = vnc_kube_config.ip_fabric_ipam_fq_name()
else:
ipam_fq_name = vnc_kube_config.pod_ipam_fq_name()
vn = VirtualNetworkKM.find_by_name_or_uuid(vn_obj.get_uuid())
pod_ipam_subnet_uuid = vn.get_ipam_subnet_uuid(ipam_fq_name)
if pod_ipam_subnet_uuid is None:
self._logger.error("%s - %s Not Found" %
(self._name, ipam_fq_name))
return pod_ipam_subnet_uuid
def _create_isolated_ns_virtual_network(self,
ns_name,
vn_name,
vn_type,
proj_obj,
ipam_obj=None,
provider=None,
enforce_policy=False):
"""
Create/Update a virtual network for this namespace.
"""
vn_exists = False
vn = VirtualNetwork(name=vn_name,
parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(
forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
try:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_exists = True
except NoIdError:
# VN does not exist. Create one.
vn_obj = vn
# Add annotatins on this isolated virtual-network.
VirtualNetworkKM.add_annotations(self,
vn,
namespace=ns_name,
name=ns_name,
isolated='True')
# Instance-Ip for pods on this VN, should be allocated from
# cluster pod ipam. Attach the cluster pod-ipam object
# to this virtual network.
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([]))
fabric_snat = False
if vn_type == 'pod-network':
if self._is_ip_fabric_snat_enabled(ns_name):
fabric_snat = True
if not vn_exists:
if provider:
# enable ip_fabric_forwarding
vn_obj.add_virtual_network(provider)
elif fabric_snat:
# enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
# disable fabric_snat
vn_obj.set_fabric_snat(False)
vn_uuid = self._vnc_lib.virtual_network_create(vn_obj)
# Cache the virtual network.
VirtualNetworkKM.locate(vn_uuid)
else:
ip_fabric_enabled = False
if provider:
vn_refs = vn_obj.get_virtual_network_refs()
ip_fabric_fq_name = provider.fq_name
for vn in vn_refs or []:
vn_fq_name = vn['to']
if vn_fq_name == ip_fabric_fq_name:
ip_fabric_enabled = True
break
if not ip_fabric_enabled and fabric_snat:
# enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
# disable fabric_snat
vn_obj.set_fabric_snat(False)
# Update VN.
self._vnc_lib.virtual_network_update(vn_obj)
vn_uuid = vn_obj.get_uuid()
vn_obj = self._vnc_lib.virtual_network_read(id=vn_uuid)
# If required, enforce security policy at virtual network level.
if enforce_policy:
self._vnc_lib.set_tags(
vn_obj,
self._labels.get_labels_dict(
VncSecurityPolicy.cluster_aps_uuid))
return vn_obj
def _assert_virtual_network(self, vn_obj_uuid):
vn_obj = self._vnc_lib.virtual_network_read(id=vn_obj_uuid)
self.assertIsNotNone(vn_obj)
vn_obj = VirtualNetworkKM.locate(vn_obj.uuid)
self.assertIsNotNone(vn_obj)
def _get_cluster_network(self):
return VirtualNetworkKM.find_by_name_or_uuid(
vnc_kube_config.cluster_default_network_name())
def _create_isolated_ns_virtual_network(self, ns_name, vn_name,
vn_type, proj_obj, ipam_obj=None, provider=None,
enforce_policy=False):
"""
Create/Update a virtual network for this namespace.
"""
vn_exists = False
vn = VirtualNetwork(
name=vn_name, parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
try:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_exists = True
except NoIdError:
# VN does not exist. Create one.
vn_obj = vn
fabric_snat = False
if vn_type == 'pod-network':
if self._is_ip_fabric_snat_enabled(ns_name):
fabric_snat = True
if not vn_exists:
# Add annotatins on this isolated virtual-network.
VirtualNetworkKM.add_annotations(self, vn, namespace=ns_name,
name=ns_name, isolated='True')
# Instance-Ip for pods on this VN, should be allocated from
# cluster pod ipam. Attach the cluster pod-ipam object
# to this virtual network.
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([]))
if provider:
# enable ip_fabric_forwarding
vn_obj.add_virtual_network(provider)
elif fabric_snat:
# enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
# disable fabric_snat
vn_obj.set_fabric_snat(False)
vn_uuid = self._vnc_lib.virtual_network_create(vn_obj)
# Cache the virtual network.
VirtualNetworkKM.locate(vn_uuid)
else:
ip_fabric_enabled = False
if provider:
vn_refs = vn_obj.get_virtual_network_refs()
ip_fabric_fq_name = provider.fq_name
for vn in vn_refs or []:
vn_fq_name = vn['to']
if vn_fq_name == ip_fabric_fq_name:
ip_fabric_enabled = True
break
if not ip_fabric_enabled and fabric_snat:
# enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
# disable fabric_snat
vn_obj.set_fabric_snat(False)
# Update VN.
self._vnc_lib.virtual_network_update(vn_obj)
vn_uuid = vn_obj.get_uuid()
vn_obj = self._vnc_lib.virtual_network_read(id=vn_uuid)
# If required, enforce security policy at virtual network level.
if enforce_policy:
self._vnc_lib.set_tags(vn_obj,
self._labels.get_labels_dict(VncSecurityPolicy.cluster_aps_uuid))
return vn_obj
def _assert_virtual_network(self, vn_obj_uuid):
vn_obj = self._vnc_lib.virtual_network_read(id=vn_obj_uuid)
self.assertIsNotNone(vn_obj)
vn_obj = VirtualNetworkKM.locate(vn_obj.uuid)
self.assertIsNotNone(vn_obj)
